HDX technology provides optimized support for most popular USB devices. Optimized support offers an improved user experience with better performance and bandwidth efficiency over a WAN. Optimized support is usually the best option, especially in high latency or security-sensitive environments.

HDX technology provides generic USB redirection for specialty devices that don’t have optimized support or where it is unsuitable, for example:

• The USB device has more advanced features that are not part of optimized support, such as a mouse or webcam having more buttons.
• Users need functions which are not part of optimized support, such as burning a CD.
• The USB device is a specialized device, such as test and measurement equipment or an industrial controller.
• An application requires direct access to the device as a USB device.
• The USB device only has a Windows driver available. For example, a smart card reader might not have a driver available for Citrix Receiver for Android.
• The version of Citrix Receiver does not provide optimized support for this type of USB device.

With generic USB redirection:

• Users do not need to install device drivers on the user device.
• USB client drivers are installed on the VDA machine.

Note

• Generic USB redirection can be used together with optimized support. If you enable generic USB redirection, configure Citrix USB devices policy settings for both generic USB redirection and optimized support to avoid inconsistent and unexpected behavior.
• The Citrix policy setting Client USB device optimization rules is a specific setting for generic USB redirection, for a particular of USB device. It is not optimized support as described here.
• Client USB plug and play device redirection is a related feature that provides optimized support for devices such as cameras and media players. These devices use the Picture Transfer Protocol (PTP) or Media Transfer Protocol (MTP). Client USB plug and play redirection is not part of generic USB redirection. Client USB plug and play redirection is available on Server OS only.

Performance considerations for USB devices

When using generic USB redirection, for some types of USB devices, network latency and bandwidth can affect user experience and USB device operation. For example, timing-sensitive devices might not operate correctly over high-latency low-bandwidth links. Use optimized support instead where possible.

Some USB devices require high bandwidth to be usable, for example a 3D mouse (used with 3D apps that also typically require high bandwidth). You can avoid performance problems using Citrix polices. For more information, see Bandwidth policy settings for Client USB device redirection, and Multi-stream connection policy settings.

Security considerations for USB devices

Some USB devices are security-sensitive by nature, for example, smart card readers, fingerprint readers, and signature pads. Other USB devices such as USB storage devices can be used to transmit data that might be sensitive.

USB devices are often used to distribute malware. Configuration of Citrix Receiver, XenApp and XenDesktop can reduce, but not eliminate, risk from these USB devices. This applies whether generic USB redirection or optimized support is used.

Important

For security-sensitive devices and data, always secure the HDX connection using either TLS or IPSec. Only enable support for the USB devices that you need. Configure both generic USB redirection and optimized support to meet this need. Provide guidance to users for safe use of USB devices:

• Use only USB devices that have been obtained from a trustworthy source.
• Don’t leave USB devices unattended in open environments - for example, a flash drive in an internet cafe.
• Explain the risks of using a USB device on more than one computer.

Compatibility with generic USB redirection

Generic USB redirection is supported for USB 2.0 and earlier devices. Generic USB redirection is also supported for USB 3.0 devices connected to a USB 2.0 or USB 3.0 port. Generic USB redirection does not support USB features introduced in USB 3.0, such as super speed.

These Citrix Receivers support generic USB redirection:

• Citrix Receiver for Windows, see Configure your XenDesktop environment
• Citrix Receiver for Mac, see Configuring Citrix Receiver for Mac
• Citrix Receiver for Linux, see Optimize
• Citrix Receiver for Chrome OS, see About Citrix Receiver for Chrome 2.1

For Citrix Receiver versions, see the Citrix Receiver feature matrix.

If you are using earlier versions of Citrix Receiver, see Citrix Receiver documentation to confirm that generic USB redirection is supported. Refer to Citrix Receiver documentation for any restrictions on USB device types that are supported.

Generic USB redirection is supported for desktop sessions from VDA for Desktop OS version 7.6 through current.

Generic USB redirection is supported for desktop sessions from VDA for Server OS version 7.6 through current, with these restrictions:

• The VDA must be running Windows Server 2012 R2 or Windows Server 2016.
• Only single-hop scenarios are supported. Double-hop generic USB redirection is not supported for desktop hosted application sessions.
• The USB device drivers must be fully compatible with Remote Desktop Session Host (RDSH) for Windows 2012 R2, including full virtualization support.

Some types of USB devices are not supported for generic USB redirection because it would not be useful to redirect them:

• USB modems.
• USB network adapters.
• USB hubs. The USB devices connected to USB hubs are handled individually.
• USB virtual COM ports. Use COM port redirection rather than generic USB Redirection.

For information on USB devices that have been tested with generic USB redirection, see CTX123569. Some USB devices do not operate correctly with generic USB redirection.

Configure generic USB redirection

You can control, and separately configure, which types of USB devices use generic USB redirection:

• On the VDA, using Citrix policy settings. For more information, see Redirection of client drives and user devices and USB devices policy settings in the Policy settings reference
• In Citrix Receiver, using Citrix Receiver-dependent mechanisms. For example, registry settings that can be controlled by an Administrative Template configure Citrix Receiver for Windows. By default, USB redirection is allowed for certain classes of USB devices and denied for others. For more information, see Configure your XenDesktop environment in the Citrix Receiver for Windows documentation for details.

This separate configuration provides flexibility. For example:

• If two different organizations or departments are responsible for Citrix Receiver and VDA, they can enforce control separately. This applies when a user in one organization accesses an application in another organization.
• Citrix policy settings can control USB devices that are allowed only for certain users or for users connecting only over a LAN (rather than by using NetScaler Gateway).

To allow generic usb redirction, set policy client usb device redirection to allowed. By default, this policy is prohibited. You can also use client usb deivce redirection rules to set rules on what kind of usb devices are allowed in HDX and so on… we also have client USB Plug and Play device redirection policy to allow or prohibit usb devices in a HDX session. This is enabled by default. You can also set bandwidth used by these devices in client usb device redirection bandwidth limit and client usb device redirection bandwidth limit percent.

When Generic USB redirection is enabled, you would see a “Devices” tab in receiver desktop viewer toolbar. You can check what devices can be redirected and see their details.